The creative-yet-creepy forms of online tracking have become so sophisticated that billions of Internet users have likely triggered the tracking without ever knowing it. But “there is hope,” experts say.

One especially popular program — called canvas fingerprinting — commands user’s computers to draw a hidden image when it visits particular sites. The canvas image created by the process contains a unique set of data that differentiates from millions of other users — much like a human fingerprint, hence the moniker.

Photo credit: Shutterstock

Canvas fingerprinting is used by roughly the top 1,000 Internet sites to record user data and sell that information to advertising companies. (Image source: Shutterstock)

Canvas fingerprinting is used by roughly the top 1,000 Internet sites to record user data and sell that information to advertising companies. The software creates the hidden digital “fingerprint” by reading data from browser configurations from the user’s computer.

But what if your computer and your browser configurations match someone else?

Impossible, said Eric B. Delisle, CEO of DigiThinkIt. He told TheBlaze the canvas tracking is so precise, it’s closer to DNA testing that mere fingerprint matching.

“The chances that two computers are identical is slim to none, and slim has gone back to Texas … the tiniest variations will make the image different, and that’s why it’s such a large threat,” he said.

But what would happen if 10 users had the exact same computers and configurations — wouldn’t they present the same image?

“If you had 10 computers that were configured in the same way — they had the same graphics cards, the same font libraries, and so on — the images will be very similar, if not the same,” he said. “But then what happens in addition to the image creation, is that JavaScript will request additional information from your computer,” he said.

To illustrate, Delisle told this reporter to visit the Digithinkit system check page (you should too). Clicking on the “navigator” link shows just how many unique bits of application data a computer leaks with each website visit.

“If you keep clicking on those folders,” he said, “you can see that’s a lot of information a website can see about you … all of these different objects, and all of these different plug-ins and all of this information. They’re not just using the canvas exploit, they’re using the navigator exploit as well.”

So how can you avoid it?

As Gizmodo noted, “You can use the Tor network to go online anonymously and avoid all sorts of tracking,” but Delisle said that isn’t enough: The real solution is disabling the JavaScript altogether.

“The tiniest variations will make the image different, and that’s why it’s such a large threat…”
Share:

“There is a plugin for the Firefox browser called “NoScript,” which is actually a program we use in the iCloak ,” he said. ”If the JavaScript program can’t execute the command command to write to the canvas element, then you can’t be fingerprinted — the plugin stops the JavaScript from running on websites, unless you give permission.”

Delisle said many people choose to allow “trusted sites” to run JavaScript on their computers, especially since the function of the site typically depend upon it.

Full disclosure: TheBlaze uses the canvas software. Why? Let’s take a look.

This style of tracking was invented in 2012, and a company called AddThis developed the code that is used in 95 percent of the cases for the top 1,000 sites on the web, according to Gizmodo.

The crux is this: let’s say you see a product on TheBlaze on the pop-up ad software, and you end up buying it. It’s no secret that the way media outlets are funded is primarily through advertising. However, TheBlaze also gets “affiliate” marketing credit if you see a product and then buy it later from another site. The only way the advertising companies will know you first saw it on TheBlaze site is by tracking the activity through software like the canvas fingerprinting.

“So who deserves the commission?” Delisle asked. “This is a challenge, right? The way that affiliate programs have dealt with this is they’ve used technology like the canvas fingerprinting model to get around people disabling cookies … and now they’ll actually split the commissions.”

(H/T: ProPublica)

Follow Elizabeth Kreft (@elizabethakreft) on Twitter